Once a user starts a session (or logs in, for a registered user, to associate over multiple sessions), their specific page views are followed. The data can then be used in a number of ways from targeted advertisements to email updates to often-visited sections of the site.
Would this be wrong, as long as this was noted in the Privacy Policy and such?
I think as long as you're clear in your privacy policy you're OK, legally. Morally, it may be worth it to give the users a way to opt-out.
If you do exactly what you're disclosing you may do in the Privacy Policy and the user had a clear and reasonable understanding of the Privacy Policy rules, then you're okay.
By tracking page views, you're only recording information they could reasonably expect you to anyway (it's in the weblogs anyway). What you do with that information, how you protect it, and whether you choose to anonymise it in some way are all more subjective questions, and should be clearly answered in your privacy policy.
IANAL, but if you want to contact someone at all, they should be given the choice to opt-out, and even if they don't opt out, the communications should be limited to things you could reasonably expect them to have an interest in (which may be based on page views, purchases, general site theme, whatever).
Opt-In gives you much wider range in what you can send them, since there's a much smaller chance that they just missed the opt-out.
I would pick a policy you think is reasonable, and ask a couple of co-workers if they would be happy with that policy. If they agree (and you've checked with the lawyers), make it clear in the privacy policy and go ahead.
There are certainly legal and moral ways to do something like this. However, I think that the biggest issue with something like this is more of a marketing issue.
There's a fine but important line between something like Google's targeted text ads (which I don't find intrusive) and things like popups, animated banner ads, etc. Similarly, there's not too big a difference between very targeted email updates (e.g., a "Please email me if this page is updated" box) and spammy updates (e.g., "You've used our site and we added this feature you may or may not care about!")
If you use the data you collect on customers/visitors sparingly and tactfully (especially making as much of it opt-in as possible), it should probably be fine and you won't annoy your potential repeat visitors.